Port blocking
Introduction

A firewall is a network security system that prevents external, destructive threats from accessing an organization's internal network. It is normally a combination of several components, including a packet filter, a proxy server, an authentication system and software that performs Network Address Translation (NAT). The essential aspect of implementing a firewall rule is knowing the order in which the rules are executed: a firewall normally processes the highest-priority rule first and then proceeds to the next one.

Inbound and Outbound Firewall Rules

Inbound firewall rules limit external access to the confidential resources of an organization. They allow or block incoming network traffic according to the priority given in the firewall rules. Because the default configuration of a firewall blocks all incoming traffic, it is very important to describe in the rules which incoming traffic types are allowed to use the local network.

Outbound rules deal with network traffic originating from local computers and determine which external hosts internal users can reach. Based on the outbound firewall rules, the firewall may allow or block network traffic coming from the local machines.

Whenever a new firewall rule is established, it is added to the firewall rules wizard (Fig 1), and packets are processed according to the order of the rules in the wizard, beginning from the top.

Port Blocking

A firewall can block a group of users from using specific Internet services, typically based on the IP addresses of local and external hosts and on service port numbers. This is called '''service blocking''' or '''port filtering'''. Application gateway firewalls can, however, give specific local machines special access to those services; here the connection-based firewall acts as a proxy server.
Network managers can deny a particular user or a specific group of clients from transmitting outbound traffic or accessing inbound traffic. Normally this is achieved through port blocking. Users on internal networks may attempt to exploit enabled ports to disturb regular server services or to access unnecessary Internet resources; port blocking helps network managers implement firewall egress filtering to avoid this. Port blocking is the process of selectively enabling or disabling ports on computers and network devices. Knowledge of the ports used by different applications is necessary to deny clients access to those applications. For instance, SNMP listens on port number 161; if port 161 is blocked, access to SNMP services is denied. Some ISPs perform port blocking to give their customers high-quality and secure service. Network administrators can use different port scanning methods to verify the firewall security policy; these methods help in identifying and blocking unused open ports and suspicious active ports.

Most organizations block certain TCP/UDP ports along with some outbound ICMP messages. Normally ICMP Echo reply packets are sent in response to Echo request packets, and intruders can use these replies as an invisible communication channel into the internal network. A robust firewall security rule should therefore block both inbound Echo requests and outbound Echo replies.

Strategies in Firewall port blocking

* Outbound traffic trying to reach destinations listed in DROP (Don't Route Or Peer) or BGP filter lists should be blocked.
* Allow outbound connections based on the firewall egress traffic enforcement policy.
* Enable only the specific service ports needed for inter-server communication.
* Block all client-established connections that are not relevant to the organization.
* For better security, the outbound traffic of VLAN workgroups should be blocked.
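The following Python model is an added illustration (not code from the article or from any firewall vendor) of top-down, first-match rule evaluation applied to the strategies above: inbound default-deny, blocking SNMP port 161 egress, blocking inbound Echo request and outbound Echo reply, and a closing block-all egress rule. The Packet and Rule structures and the sample ruleset are constructed for this example; the misordered ruleset shows why rule order decides the policy.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class Packet:
    direction: str                   # "in" (inbound) or "out" (outbound)
    proto: str                       # "tcp", "udp" or "icmp"
    dst_port: Optional[int] = None   # destination port; None for ICMP
    icmp_type: Optional[int] = None  # 8 = Echo request, 0 = Echo reply

@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "block"
    direction: str                   # "in" or "out"
    proto: Optional[str] = None      # None matches any protocol
    dst_port: Optional[int] = None   # None matches any port
    icmp_type: Optional[int] = None  # None matches any ICMP type

    def matches(self, p: Packet) -> bool:
        return (self.direction == p.direction
                and (self.proto is None or self.proto == p.proto)
                and (self.dst_port is None or self.dst_port == p.dst_port)
                and (self.icmp_type is None or self.icmp_type == p.icmp_type))

def evaluate(rules: List[Rule], packet: Packet, default: str = "block") -> str:
    """Process rules from the top; the first match decides. Anything unmatched
    falls through to the default, which is 'block' (the inbound default-deny)."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action
    return default

# Constructed ruleset following the article's strategies (not a vendor config).
RULES = [
    Rule("block", "in", "icmp", icmp_type=8),   # inbound Echo request
    Rule("block", "out", "icmp", icmp_type=0),  # outbound Echo reply (covert channel)
    Rule("block", "out", "udp", 161),           # SNMP egress denied by port
    Rule("allow", "in", "tcp", 443),            # the only inbound service exposed
    Rule("allow", "out", "tcp", 443),           # egress policy: HTTPS permitted
    Rule("block", "out"),                       # all other client-established egress
]
# Same two rules in the wrong order: the broad allow is hit first, so the
# SNMP block below it never executes. Rule order is the policy.
MISORDERED = [Rule("allow", "out"), Rule("block", "out", "udp", 161)]

if __name__ == "__main__":
    snmp_out = Packet("out", "udp", 161)
    print("correct order:", evaluate(RULES, snmp_out))       # block
    print("misordered:   ", evaluate(MISORDERED, snmp_out))  # allow
```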